2/17/2012

A long time ago I implemented Content Security Policy as Rack middleware for my Ruby on Rails project. In short, CSP is an XSS mitigation mechanism. The server responds with an HTTP header that defines trustworthy sources for different types of content (JS, CSS, images), and the browser restricts content from other sources. It's very powerful and you should definitely implement it along with other header-based security features (like X-Frame-Options, Origin, Strict-Transport-Security), especially since it won't take much time.

A couple of days ago I decided that it was worth publishing the middleware as a separate gem. I googled a bit and found csp_easy. However, it lacked a few features (hash-based directive configuration, support for WebKit, Report-Only mode) and specs, so I decided not to fork it and push my changes (I know it looks bad), but just to publish my own version.
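To make the mechanism concrete, here is an added example (not the gem's code and not from the original post) of a Rack-style middleware with hash-based directives, a Report-Only switch and optional vendor-prefixed headers. The class name `CspMiddleware`, its options and the sample policy are assumptions made for illustration.

```ruby
# Added example: hypothetical Rack-style CSP middleware (not the gem's code).
class CspMiddleware
  STANDARD = 'Content-Security-Policy'
  # Vendor-prefixed names used by Firefox and WebKit browsers around 2012.
  LEGACY = %w[X-Content-Security-Policy X-WebKit-CSP].freeze

  # directives: hash such as { default_src: ["'self'"], img_src: ['*'] }
  def initialize(app, directives:, report_only: false, legacy_headers: false)
    raise ArgumentError, 'directives must not be empty' if directives.empty?
    @app = app
    @policy = self.class.build_policy(directives)
    names = legacy_headers ? [STANDARD] + LEGACY : [STANDARD]
    # Report-Only asks the browser to report violations without blocking.
    @names = names.map { |n| report_only ? "#{n}-Report-Only" : n }
  end

  # Turns the hash into "default-src 'self'; img-src *".
  def self.build_policy(directives)
    directives.map do |name, sources|
      directive = name.to_s.tr('_', '-')
      raise ArgumentError, "bad directive #{directive}" unless directive =~ /\A[a-z-]+\z/
      values = Array(sources).map(&:to_s)
      # A ';' or ',' inside a source would smuggle in an extra directive or policy.
      bad = values.find { |v| v =~ /[;,\r\n]/ }
      raise ArgumentError, "invalid source in #{directive}: #{bad.inspect}" if bad
      ([directive] + values).join(' ')
    end.join('; ')
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.dup
    # Do not overwrite a stricter per-response policy set by the app itself.
    @names.each { |n| headers[n] ||= @policy }
    [status, headers, body]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample app and policy, for demonstration only.
  app = ->(_env) { [200, { 'Content-Type' => 'text/html' }, ['ok']] }
  mw = CspMiddleware.new(app, directives: { default_src: ["'self'"],
                                            report_uri: ['/csp-report'] },
                              report_only: true, legacy_headers: true)
  mw.call({})[1].each { |k, v| puts "#{k}: #{v}" }
end
```

Starting in Report-Only mode with a `report-uri` lets you collect violations from real traffic before switching to the enforcing header.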

9 comments:

Hey, Alex. I saw your post about Selenium and how to verify text color on a page. I don't know how to contact you, so I'm leaving a message here; if you see it, please help if you would like to. Thanks. I'm wondering whether Selenium RC can verify text color on a page? I'm not using WebDriver for one of my tests, but I want to verify a text color here using Selenium RC. Thank you so much.